I help out on many sites, and it’s SCARY to see how many of those are being done by companies that don’t care about security, or making sure things are updated (and working) before the site is launched.
Here are some BASIC tips on things you can do to help safeguard your website:
- Don’t use ‘Admin’ for your username.
Anyone with this username is just asking to be hacked. You’re giving hackers 1/2 the keys that they need to break in, because that’s the first username they check. For bonus points, choose a unique username AND a Nickname. The nickname is the name that displays on the site. We don’t want them figuring out your username.
- Use strong passwords.
None of that ‘admin123!’, or ‘pa$$w0rd’ stuff 🙂
Use a password generator, or better yet, sign up for something like LastPass to generate and remember the passwords for you.
- Keep WordPress updated.
Most of the updates are important security fixes.
- Keep plugins updated as well.
I like to wait about a week before I update my plugins to new versions. That way, if there are any bugs, they’ve hopefully already caught and fixed them.
- Use a plugin to create backups.
I use a plugin called UpdraftPlus, since they make restoring files really easy, but there are a lot out there.
Your hosting probably creates backups for you, but it’s encouraged to have a 2nd backup OFF the server as well (UpdraftPlus lets you choose from several remote locations, like Dropbox).
- Use a security plugin.
Two examples are iThemes Security or Wordfence. I personally use iThemes (mostly out of habit), since they make it easy to limit the number of times someone can try to log in, ban IP addresses from known hackers, and a bunch of other stuff.
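
To show what limiting login attempts means in practice, here is an added example (not code from this post, iThemes Security or Wordfence) that counts failed logins per IP in a sliding window and reports how often the username 'admin' was guessed. The event format, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed failed-login events: timestamp, client IP, username tried.
# The format is an assumption; the IPs come from documentation ranges.
SAMPLE_EVENTS = """\
2024-05-01T10:00:01 203.0.113.7 admin
2024-05-01T10:00:03 203.0.113.7 admin
2024-05-01T10:00:05 203.0.113.7 administrator
2024-05-01T10:00:08 203.0.113.7 admin
2024-05-01T10:00:11 203.0.113.7 webmaster
2024-05-01T10:02:00 198.51.100.20 jane
2024-05-01T10:30:00 198.51.100.20 jane
2024-05-01T11:15:00 198.51.100.20 jane
"""

MAX_FAILURES = 5                # hypothetical lockout threshold
WINDOW = timedelta(minutes=5)   # hypothetical counting window

def parse_events(text):
    """Yield (datetime, ip, username) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            stamp, ip, user = line.split()
            yield datetime.fromisoformat(stamp), ip, user

def find_lockouts(events, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: lockout time} for IPs that hit max_failures within window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    locked = {}
    for when, ip, _user in sorted(events):
        if ip in locked:
            continue              # already banned, nothing more to count
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:
            attempts.popleft()    # forget failures older than the window
        if len(attempts) >= max_failures:
            locked[ip] = when
    return locked

def admin_guess_share(events):
    """Fraction of failed attempts that tried the username 'admin'."""
    users = [user.lower() for _, _, user in events]
    return users.count("admin") / len(users) if users else 0.0

if __name__ == "__main__":
    events = list(parse_events(SAMPLE_EVENTS))
    for ip, when in find_lockouts(events).items():
        print(f"lock out {ip} at {when.isoformat()}")
    print(f"attempts using 'admin': {admin_guess_share(events):.0%}")
```

The second IP shows why the window matters: a real user mistyping a password three times over an hour is never locked out, while a burst of guesses is.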